CVE-2025-68022
Missing Authorization in BlueX WooCommerce Plugin Allows Unauthorized Access
Publication date: 2026-02-20
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bluex | bluex_for_woocommerce | to 3.1.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68022 is a high-priority Broken Access Control vulnerability in the WordPress plugin BlueX for WooCommerce, affecting versions up to and including 3.1.6.
The vulnerability is caused by missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unauthenticated users to perform actions that normally require higher privileges.
This means that attackers can exploit incorrectly configured access control security levels to bypass restrictions and potentially manipulate the plugin or website.
How can this vulnerability impact me? :
This vulnerability poses a significant security risk with a CVSS score of 7.3, indicating a high likelihood of exploitation.
Exploitation can allow unauthorized users to perform privileged actions on your WooCommerce site, potentially leading to data manipulation, unauthorized access to sensitive information, or disruption of e-commerce operations.
Since no official patch is currently available, affected users are advised to implement mitigation rules provided by Patchstack to block attacks until a safe patch is released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from missing authorization, authentication, or nonce token checks in certain functions of the BlueX for WooCommerce plugin, allowing unauthenticated users to perform privileged actions.
No specific detection commands or network/system scanning instructions are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
No official patch is currently available for this vulnerability.
Patchstack has issued a mitigation rule that can block attacks exploiting this vulnerability until an official patch is released, tested, and safely applied.
Users are strongly advised to implement this mitigation immediately to protect their websites.